AI Component

API

AI APIs are the boundary between the application and the model. Self-hosted inference servers (vLLM, Triton, Ollama, TGI) and third-party gateways (LiteLLM, OpenRouter) expose OpenAI-compatible endpoints, and the same web-app vulnerability classes appear here: missing or weak authentication on /v1/chat/completions, broken authorization between tenants, lack of rate limiting that lets an attacker drain quota or burn GPU time, and overly permissive CORS that leaks API keys from browser-side calls. The blast radius is unusual: a single auth-bypass on an inference endpoint exposes both data and compute, and in the case of paid hosted models, directly costs money. We have seen production CVEs across most popular self-hosted servers in the last 18 months. Defenses: require auth on every endpoint, per-tenant rate limits, separate key scopes for read vs admin, and pin server versions aggressively.

482
Total CVEs
25
Pages
Page 19 of 25
Current
Severity CVE CVSS
HIGH CVE-2025-0616 8.2
MEDIUM CVE-2026-50634 6.5
UNKNOWN CVE-2026-49347 -
UNKNOWN CVE-2026-8828 -
MEDIUM CVE-2026-53830 6.5
MEDIUM GHSA-534h-c3cw-v3h9 5.5
HIGH CVE-2026-53721 -
MEDIUM GHSA-c9cv-mq2m-ppp3 -
CRITICAL CVE-2026-48746 9.1
HIGH CVE-2026-53840 7.1
MEDIUM CVE-2026-53852 5.4
CRITICAL CVE-2026-49468 8.1
LOW GHSA-m3q2-p4fw-w38m -
MEDIUM CVE-2026-54015 6.4
HIGH CVE-2026-54013 7.6
HIGH CVE-2026-54010 8.3
MEDIUM CVE-2026-54009 6.5
HIGH CVE-2026-54008 8.5
HIGH CVE-2026-54007 -
MEDIUM CVE-2026-54233 6.5

Page 19 of 25